The flaw discovered in many versions of Microsoft Word for Windows could allow malicious software, including Dridex, to be installed, according to cybersecurity researchers.

A scam email campaign was found to be sending recipients Microsoft Word RTF [Rich Text Format] documents that contained Dridex.

‘Fully exploited’

“During our testing (for example on Office 2010) the vulnerable system was fully exploited,” wrote Proofpoint researchers in a blog.

“We plan to address this through an update on Tuesday April 11, and customers who have updates enabled will be protected automatically,” said a Microsoft spokesman.

“Meanwhile we encourage customers to practise safe computing habits online, including exercising caution before opening unknown files and not downloading content from untrusted sources to avoid this type of issue.”